CVE-2011-3224

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions through 10.6.8

Description The issue concerns the User Documentation component in Apple Mac OS X, which uses http sessions for updates to App Store help information. This allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.

Recommendations For Apple Mac OS X versions through 10.6.8, consider disabling the use of http sessions for App Store help information updates until a secure alternative is implemented. Restrict access to the App Store help information to minimize the risk of exploitation.